Vulnerabilities (CVE)

Filtered by vendor Cuppacms Subscribe
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24265 1 Cuppacms 1 Cuppacms 2024-02-28 7.8 HIGH 7.5 HIGH
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
CVE-2020-26048 1 Cuppacms 1 Cuppacms 2024-02-28 6.5 MEDIUM 8.8 HIGH
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
CVE-2018-19559 1 Cuppacms 1 Cuppacms 2024-02-28 7.5 HIGH 9.8 CRITICAL
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
CVE-2018-17300 1 Cuppacms 1 Cuppacms 2024-02-28 3.5 LOW 4.8 MEDIUM
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
CVE-2018-19918 1 Cuppacms 1 Cuppacms 2024-02-28 3.5 LOW 5.4 MEDIUM
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.